To use Kerberos single sign-on (SSO) with Oracle data server connections, you must add the Oracle JVM arguments to the IBM® Cognos® Analytics bootstrap_wlp_os_version.xml file before you configure the connection in the administration interface.
This file is used when you start IBM Cognos Analytics as a service from IBM Cognos Configuration.
Procedure
- From the install_location/bin64 directory, open the bootstrap_wlp_os_version.xml file in a text editor.
The full file name depends on the operating system. For example, on Linux it's bootstrap_wlp_linuxi38664.xml, and on Windows it's bootstrap_wlp_winx64.xml.
Tip: Using double quotation marks in the bootstrap_wlp_linuxi38664.xml file prevents IBM Java from starting, and causes Cognos startup to hang and fail.
- Under the <process>, <start>, <spawn> elements, add the following lines after the memory-related <param> elements:
<param>-Djava.security.krb5.conf=/etc/krb5.conf</param>
<param>-Dsun.security.krb5.debug=true</param>
<param>-Doracle.net.kerberos5_mutual_authentication=true</param>
<param>-Doracle.net.authentication_services="(KERBEROS5)"</param>
The lines must be placed exactly as shown in the following snippet from the
bootstrap_wlp_*.xml file:
<process name="wlp">
  <start>
    <spawn sync="1" wait_time="5">
      <path>${java_home}/bin/java</path>
      <param condName="${ip_protocol}" condValue="IPv6">-Djava.net.preferIPv6Addresses=true</param>
      <param condName="${java_vendor}" condValue="IBM">-Xgcpolicy:gencon</param>
      <param condName="${java_vendor}" condValue="Sun">-XX:MaxNewSize=${dispatcherMaxMemoryBy2}m</param>
      <param condName="${java_vendor}" condValue="Sun">-XX:NewSize=${dispatcherMaxMemoryBy3}m</param>
      <param condName1="${java_vendor}" condValue1="Sun" condName2="${java_version}" condValue2="1.8.0" condOp2="lt">-XX:MaxPermSize=128m</param>
      <param condName="${java_vendor}" condValue="Oracle">-XX:MaxNewSize=${dispatcherMaxMemoryBy2}m</param>
      <param condName="${java_vendor}" condValue="Oracle">-XX:NewSize=${dispatcherMaxMemoryBy3}m</param>
      <param condName1="${java_vendor}" condValue1="Oracle" condName2="${java_version}" condValue2="1.8.0" condOp2="lt">-XX:MaxPermSize=128m</param>
      <param condName="${java_vendor}" condValue="IBM">-Xmso512K</param>
      <!-- sso support -->
      <param>-Djava.security.krb5.conf=/etc/krb5.conf</param>
      <param>-Dsun.security.krb5.debug=true</param>
      <param>-Doracle.net.kerberos5_mutual_authentication=true</param>
      <param>-Doracle.net.authentication_services="(KERBEROS5)"</param>
      <!-- end sso support -->
      <param condName="${ip_protocol}" condValue="IPv4">-Djava.net.preferIPv4Stack=true</param>
- Save and close the file.
- Go to the Cognos Analytics administration interface to continue configuring the Oracle data server for Kerberos SSO. For more information, see Configuring data source connections when using Kerberos.
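A way to check the edited file before restarting the service, as an added example that is not part of the IBM documentation or product: it parses the bootstrap file, confirms that the four Kerberos arguments are present after the memory-related <param> elements, and lists any <param> value that contains a double quotation mark so that it can be reviewed against the Tip in step 1. The function name check_bootstrap, the linux_file flag, the <bootstrap> root element and the sample text are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# JVM argument names from the procedure above; values are site-specific.
REQUIRED = ("-Djava.security.krb5.conf", "-Dsun.security.krb5.debug",
            "-Doracle.net.kerberos5_mutual_authentication",
            "-Doracle.net.authentication_services")
# Prefixes of the memory-related params shown in the page's snippet.
MEMORY_PREFIXES = ("-Xgcpolicy", "-XX:", "-Xmso")

def check_bootstrap(xml_text, linux_file=True):
    """Return findings for the wlp <spawn> block; an empty list means no issue found."""
    root = ET.fromstring(xml_text)  # a ParseError here means the edit broke the XML
    spawn = next((p.find("./start/spawn") for p in root.iter("process")
                  if p.get("name") == "wlp"), None)
    if spawn is None:
        return ["no process 'wlp' with start/spawn found"]
    args = [(p.text or "").strip() for p in spawn.findall("param")]
    last_mem = max((i for i, a in enumerate(args)
                    if a.startswith(MEMORY_PREFIXES)), default=-1)
    findings = []
    for name in REQUIRED:
        hits = [i for i, a in enumerate(args) if a.split("=", 1)[0] == name]
        if not hits:
            findings.append(f"missing {name}")
        elif hits[0] < last_mem:
            findings.append(f"{name} is before the memory-related params")
    if linux_file:  # the Tip in step 1 is about the Linux bootstrap file
        findings += [f"double quotation mark in: {a}" for a in args if '"' in a]
    return findings

# Constructed sample: abridged spawn block under an assumed <bootstrap> root.
SAMPLE = """<bootstrap><process name="wlp"><start><spawn sync="1" wait_time="5">
<path>${java_home}/bin/java</path>
<param condName="${java_vendor}" condValue="IBM">-Xgcpolicy:gencon</param>
<param condName="${java_vendor}" condValue="IBM">-Xmso512K</param>
<param>-Djava.security.krb5.conf=/etc/krb5.conf</param>
<param>-Dsun.security.krb5.debug=true</param>
<param>-Doracle.net.kerberos5_mutual_authentication=true</param>
<param>-Doracle.net.authentication_services="(KERBEROS5)"</param>
<param condName="${ip_protocol}" condValue="IPv4">-Djava.net.preferIPv4Stack=true</param>
</spawn></start></process></bootstrap>"""

if __name__ == "__main__":
    for finding in check_bootstrap(SAMPLE):
        print(finding)
```

Pass linux_file=False to skip the quotation-mark review when checking the Windows file.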